17 matches found
SourceCodester Indian Invoicing System SQL注入漏洞
SourceCodester Indian Invoicing System is a SourceCodester open source Indian invoicing system. SourceCodester Indian Invoicing System version 1.0 suffers from a SQL injection vulnerability that stems from the Invoice Generation Handler component's manipulation of the parameter...
PT-2026-42982
A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST Invoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customer name/category results in sql injection. The...
EUVD-2025-21952
Malicious code in bioql PyPI...
CVE-2025-6721
The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkvvchasnokasawcdometaboxaction function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrar...
CVE-2025-6721
The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkvvchasnokasawcdometaboxaction function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrar...
CVE-2025-6721 Vchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation
The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkvvchasnokasawcdometaboxaction function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrar...
CVE-2025-6721 Vchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation
The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkvvchasnokasawcdometaboxaction function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrar...
CVE-2025-6721
The CVE-2025-6721 affects the Vchasno Kasa WordPress plugin (MORKVA Vchasno Kasa Integration) up to version 1.0.3. Root cause: missing capability check in the mrkv_vchasno_kasa_wc_do_metabox_action() function, enabling unauthenticated users to generate invoices for arbitrary orders. This is an un...
WordPress plugin Vchasno Kasa 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...
CVE-2024-44313
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks...
CVE-2024-44313
Summary: CVE-2024-44313 affects TastyIgniter 3.7.6. An Incorrect Access Control flaw in the invoice() function of Orders.php allows unauthorized users to access and generate invoices due to missing permission checks. What’s affected: TastyIgniter 3.7.6; vulnerable component: app/admin/controllers...
CVE-2021-28678
A flaw was found in python-pillow. BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a denial-of-service where the decoder could be run a large number of times on empty data. Mitigation To mitigate this feature on Red Hat Quay keep th...
CVE-2021-25288
There is an out-of-bounds read in J2kDecode in j2kugrayi. For J2k images with multiple bands, it’s legal to have different widths for each band, e.g. 1 byte for L, 4 bytes for A. Mitigation To mitigate this feature on Red Hat Quay keep the invoice generation feature disabled, as it is by default...
Stripe: Verifying email bypass
A vulnerability was discovered in Stripe's Connect API that allowed an attacker to create an account without verifying the email address. This allowed the attacker to impersonate a real company and generate invoices and payments on their behalf. The invoices appeared valid as they were sent by...
CVE-2021-25291
A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c. Mitigation Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay...
CVE-2021-25290
A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash. Mitigation Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay...
Netartmedia iBoutique.MALL - SQL Injection
Netartmedia iBoutique.MALL - SQL Injection Name : Netartmedia iBoutique.MALL SQLi Vulnerability Date : june, 28 2010 Critical Level : HIGH Vendor Url : http://www.netartmedia.net/mall/ Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...